Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change to TF Licnese #347

Open
AdrianHammond opened this issue Aug 15, 2023 · 6 comments
Open

Change to TF Licnese #347

AdrianHammond opened this issue Aug 15, 2023 · 6 comments

Comments

@AdrianHammond
Copy link
Contributor

Support Question

Have been with @mcleo-d today and we were having a discussion on if the change to hashicorp license moving to Business Source License from GPL impacts CFI. James recommendation was to check with FINOS legal. Ahead of me doing that I wanted to check your views @eddie-knight @abdullahgarcia

Thanks Adrian
@eddie-knight
Copy link
Contributor

Sounds like a good course of action!

@AdrianHammond
Copy link
Contributor Author

email sent to FINOS legal team, have cc'd @mcleo-d @eddie-knight @abdullahgarcia

@eddie-knight
Copy link
Contributor

@AdrianHammond @abdullahgarcia

LF Legal is investigating this to take an official stance right now, but there are a few points to discuss in the open as we continue to consider this.

  1. The language provided by Hashicorp appears to be intentionally unclear, as it leaves many critical things undefined (especially the language "embed or host"). It is left to Hashicorp to interpret, and many companies are going on record with concern about whether the interpretation will fluctuate over time.
  2. The documented intent of CFI is to provide policies, infrastructure as code, and validation tooling. The second pillar currently includes some ansible and terraform resources.
  3. There is not currently any risk introduced by the terraform we have currently created (such as https://github.com/finos/terraform-aws-cfi-eks) but there is concern that any maintenance will bring the modules beyond Terraform v1.5.5 and thus subject us and our users to the whims of the BUSL enforcers.
  4. This may be a moot point entirely, irrespective of the license topic. We do not currently have a large contributor base or consumer base for the IaC resources, following the withdrawal of Hashicorp and Codethink from the project. With the creation of CCC, we hope that technology providers will begin creating their own compliant infrastructure and certifying it through the CFI validator.

Considering the aforementioned, I propose that we make all Terraform repositories private for now. Then, we can make any further decisions later based on what we learn in the coming weeks.

@abdullahgarcia
Copy link
Contributor

@eddie-knight

Let's make all Terraform repositories private for now and take action after the "mud" has cleared.

@AdrianHammond
Copy link
Contributor Author

I agree

@eddie-knight
Copy link
Contributor

Here are the following repositories that we'll be making private:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@abdullahgarcia @AdrianHammond @eddie-knight